Umami
No cookies, no fingerprinting, no cross-site tracking, no personal data collection - Umami's privacy contract is the foundation of the open-source web analytics platform. IP addresses are hashed rather than stored, which makes it GDPR, CCPA, and PECR compliant by default - the consent banner can come off the site entirely. The tracking script is under 2 KB, roughly 20x smaller than Google Analytics, so measurement stops being a page-weight tax. The dashboard covers the core metrics - pageviews, visitors, bounce rate, visit duration, referrers, browsers, devices, and countries - with any date range and filtering by country or device. Beyond pageviews, custom events track clicks, form submissions, and signups via a data attribute or one JavaScript call, and advanced reports add funnels, user journeys, retention and cohort analysis, goals, and automatic UTM campaign tracking. Anonymous session views show individual visitor activity without identifying anyone. Teams share websites with role-based access, one instance manages unlimited sites, and a full REST API exposes every metric programmatically. MIT-licensed and self-hosted on PostgreSQL or MySQL via Docker, your analytics data never leaves your infrastructure.
It Tools
The utilities engineers otherwise scatter across a dozen ad-laden websites - 80+ of them - live together in IT-Tools, one fast, polished web app. Crypto covers JWT decoding, MD5 through SHA-512 hashing, HMAC and bcrypt generation, RSA key pairs, and password strength analysis. Converters handle JSON to CSV, YAML, and TOML, Base64 files, URL encoding, HTML entities, color formats, and Docker run commands to Compose files. Generators produce UUIDv4, ULID, BIP39 mnemonics, QR codes (including Wi-Fi QR), and tokens; text tools include a regex tester, diff viewer, slug and case converters; web utilities parse URLs and user agents, look up HTTP status codes and MIME types, and inspect Open Graph metadata; plus a cron parser, chmod calculator, and more. The privacy argument is the point: JWTs contain user IDs, hashes derive from passwords, JSON dumps hold PII - exactly the inputs you least want a third-party utility site to log. IT-Tools is a frontend-only static bundle (Vue/TypeScript, GPL-3.0, 39k+ GitHub stars) served by Nginx in one container, so everything runs client-side on your infrastructure with nothing transmitted anywhere. New tools ship roughly monthly, and a scaffolding script makes adding custom ones straightforward.
KeeWeb
Your KeePass vaults, opened from any browser: KeeWeb reads, edits, and creates standard KDBX files, so it works with the same databases as KeePass and KeePassXC without conversion or lock-in. Self-hosting the web app gives you a password manager reachable from any modern browser, including mobile, with no client installation and no third-party cloud in the loop. All KDBX cryptography runs client-side; the server just serves the static app. Open multiple vault files simultaneously and search them all from one box, with advanced options covering specific fields, password history, and regular expressions. Vaults load from local files, your own server (WebDAV), or Dropbox, Google Drive, and OneDrive, with automatic sync - and files are cached for offline use, so a dropped connection never locks you out; changes resync once you're back online. Day-to-day niceties include a configurable password generator, protected fields that stay masked and are held in memory more defensively, entry history, tags with easy input, drag-and-drop attachments, and per-entry icons with favicon fetching. The optional KeeWeb Connect extension (Chrome, Firefox, Edge, Safari) autofills credentials using the keepassxc-protocol. MIT-licensed with matching desktop apps for macOS, Windows, and Linux.
Joplin
Notes on Windows, macOS, Linux, Android, iOS, and the terminal, synced through your own server: Joplin pairs its open-source clients with Joplin Server, the official self-hosted backend that replaces Dropbox, OneDrive, or Nextcloud as the synchronization target. Notes are Markdown with inline attachments (images, PDFs, audio), organized into hierarchical notebooks and sub-notebooks with cross-cutting tags, alongside to-do lists with reminders and alarms. End-to-end encryption is the headline feature: enabled in the clients, it encrypts sync payloads on-device before upload, so the server stores blobs it cannot read - genuine protection even if the host is compromised. The desktop app offers both Rich Text and Markdown editors, extended by a plugin ecosystem, custom themes, and an Extension API for writing your own scripts; a Web Clipper for Chrome and Firefox captures full pages or screenshots straight into notebooks. Joplin Server ships as a Docker image with SQLite for evaluation and PostgreSQL for production, offers a filesystem storage driver for large content, and includes multi-user support and note sharing - all free under AGPL-3.0 when self-hosted. Notes stay in an open format, so the exit path always exists.
Gotify
Real-time alerts from your own infrastructure to your phone, with no Firebase, Pushover, or third-party push service in the path: Gotify is a simple, self-hosted notification server written in Go. The model is deliberately minimal: senders push messages with a single HTTP POST to the REST API, receivers subscribe over a WebSocket stream, and a clean React web UI manages the pieces. Senders are namespaced as "applications," each with its own token, so your backup script, Uptime Kuma, CI pipeline, and cron jobs each get an identity, an icon, and independently revocable credentials - centralized alerting from many services with per-source management. Messages carry a title, body, and priority level that maps to notification importance on the client. The official Android app (on both F-Droid and Google Play, notable for working entirely without Google Play Services) shows push notifications for new messages; the web UI itself supports Web Push in the browser; and gotify/cli pushes messages from shell scripts with one command. A server-side plugin system adds custom behavior, and the whole thing runs as a single small binary with SQLite by default - near-zero resource footprint. Because dozens of tools (and Apprise) speak Gotify natively, it slots in as the notification hub for an entire homelab or ops stack.
Rotki
Crypto portfolio tracking that inverts the SaaS model: rotki runs on your own machine, needs no email or account for the free tier, and keeps every wallet address, balance, transaction, and tax event in a local SQLCipher database encrypted with 256-bit AES. By default nothing passes through rotki-operated servers - a design choice that matters when cloud portfolio trackers concentrate exactly the identity-linked holdings data attackers want. Centralized exchanges (Kraken, Binance, Coinbase, Bitstamp, and more) connect through read-only API keys that can see but never withdraw; blockchain accounts cover Ethereum and its L2s, Bitcoin, Solana, Polkadot, and Kusama, with ENS resolution and your choice of RPC endpoint or your own node. rotki decodes on-chain transactions into readable events across major DeFi protocols - Aave, Uniswap, Compound, Curve, Lido - and generates profit-and- loss reports for tax season with customizable accounting settings, including FIFO, LIFO, and HIFO cost-basis methods, plus CSV imports for defunct exchanges. Optional premium sync is zero-knowledge, encrypting the database on-device before upload. AGPLv3-licensed and multiplatform, with a Docker package for server deployment.
Actual Budget
Every unit of income gets a job in Actual Budget - a local-first personal finance app built on envelope (zero-sum) budgeting, where you can only budget cash you actually have, which keeps the plan honest by construction. The data model is a SQLite file that lives on your device and works fully offline; the self-hosted Node.js sync server adds background multi-device synchronization using CRDT-based distributed-systems machinery, browser and mobile access as an installable web app, and automated backups. Optional end-to-end encryption makes the synced data unreadable even to the server hosting it. Transactions enter three ways: manual entry, file import (CSV, QIF, OFX, QFX, CAMT.053), or automatic bank syncing through GoCardless for EU/UK banks and SimpleFIN for US/Canada. Built-in YNAB4 and nYNAB importers migrate complete budget histories, and reports, schedules for recurring transactions, and rule-based transaction cleanup handle the day-to-day. A fully featured local API lets developers script custom importers and automation against their own data. 100% free, open source, and 26k stars strong.
BentoPDF
Merge, split, compress, convert, edit, annotate, redact, OCR, and sign PDFs - BentoPDF packs over 130 tools into a privacy-first toolkit that runs entirely in the browser through WebAssembly. Files are never uploaded - processing happens in browser memory on the user's machine and disappears when the tab closes, which makes the tool GDPR-clean by architecture and safe for financial, legal, and internal documents. The engine combines WASM builds of PyMuPDF, Ghostscript, and CoherentPDF; Tesseract handles OCR with searchable text-layer output; Office conversions cover Word, Excel, and PowerPoint; and digital signatures use X.509 certificates (PFX/PEM) with the private key staying on the client. Because there is no server-side processing, deployment is a static-file exercise: a single Docker container, or any static host. A dedicated self-hosted build strips the marketing pages while keeping every tool, and air-gapped deployments are first-class - an automated script bundles the WASM modules, OCR language data, and fonts for fully offline networks. No accounts, no limits, no watermarks; TypeScript and Vite under the hood.
Cusdis
Comments for small sites without Disqus's baggage: Cusdis is a lightweight, privacy-first, open-source comment system for embedding under blog posts and articles. The embedded JavaScript SDK is about 5 KB gzipped (Disqus is roughly 24 KB), sets no cookies, runs no tracking, and does not require readers to create an account or sign in before commenting. Integration is two lines: a container div with your app ID and an async script tag, with ready-made adapters for common frameworks and static site generators. Moderation is approval-based - new comments stay hidden until you approve them from the dashboard, and email notifications include a Quick Approve link that approves or replies to a comment from your phone without logging in. A webhook fires on every new comment for integrations like Telegram notifications. The widget ships with built-in i18n and dark mode. The stack is TypeScript and Next.js with a Prisma data layer, deployable via Docker with PostgreSQL. Deliberately minimalist: no ads, no reader profiling, and your comment data lives in your own database.
Faved
Large link collections stay fast and organized in Faved, a private, self-hosted bookmark manager built for exactly that job. Its core is a nested tagging system that outgrows flat folders: place Go and Python under Programming Languages, color-code tags, add descriptions, pin frequent ones to the top of the sidebar, and optionally roll up child-tag items into parent views. Saving is frictionless - a lightweight bookmarklet works in any desktop or mobile browser without extensions, and Apple devices can send links through the native Share menu. Faved fetches titles, descriptions, and preview images automatically, keeps that metadata fresh over time, and flags duplicates as you save. Instant as-you-type search, flexible sorting, and bulk actions (retag, delete, refetch) keep collections of any size manageable, while customizable layouts - card, list, or table - plus a system-synced dark mode adapt the interface to your workflow. Migration is first-class: import from Chrome, Safari, Firefox, or Edge with folder structure preserved, or move from Pocket and Raindrop.io keeping tags and collections. The stack is deliberately light - PHP 8 with SQLite behind a React/Tailwind frontend - deploying via Docker with no external dependencies. All data stays local: no ads, no tracking, and no risk of your library vanishing with a discontinued service.
Roundcube
Two decades of continuous development made Roundcube the standard-bearer of open-source webmail - a PHP IMAP client that gives any mail server a polished, application-like interface in the browser. It connects to whatever IMAP/SMTP stack you run - Dovecot, Postfix, a hosted mailbox - and delivers the full desktop-client experience: drag-and-drop message management, threaded conversation views, full MIME and HTML mail handling, find-as-you-type address book with groups and LDAP connectors, multiple sender identities, full-text search, and spell checking in dozens of languages. The default Elastic skin is genuinely responsive, working as well on a phone as a desktop, and the entire UI is skinnable. The plugin API is where deployments get shaped: managesieve exposes server-side filter management in the UI, enigma brings PGP encryption and signing via GnuPG, markasjunk trains spam filters, zipdownload batches attachments, password lets users change credentials, and attachment_reminder catches the classic forgotten-attachment email - among hundreds of community plugins. Built-in caching keeps large mailboxes fast, IMAP ACLs and shared folders support team setups, and XSS protection is engineered into the rendering pipeline. It scales from a single personal mailbox to unlimited users, backed by MySQL, MariaDB, PostgreSQL, or SQLite. GPL-licensed with regular security releases.
LibreTranslate
Machine translation with no Google, no Azure, no per-character billing, and no text leaving your infrastructure: LibreTranslate is a free, open-source translation API that runs entirely on your own server. The engine underneath is Argos Translate, which runs OpenNMT neural models with SentencePiece tokenization and Stanza sentence-boundary detection, all offline. Models install as portable .argosmodel packages covering dozens of languages - English, Spanish, French, German, Chinese, Japanese, Russian, Arabic, Hindi, Portuguese, and many more - and Argos handles automatic pivoting: with es-to-en and en-to-fr installed, it chains them to translate es-to-fr without a direct model. The API is a straightforward HTTP POST to /translate with source and target language codes, returning JSON - simple enough that the ecosystem has clients in every major language and integrations across tools like Weblate and Mastodon. Beyond plain text it translates HTML while preserving markup and handles whole file uploads (documents in, translated documents out), plus automatic language detection when the source is unknown. A clean bundled web UI serves interactive translation for end users, and optional API keys with rate limits control access. AGPL-licensed and trainable with custom models, it is the standard answer when translation must be private, unmetered, and self-contained - GDPR-sensitive text never touches a third party.
SearXNG
Up to 280 search services - Google, Bing, DuckDuckGo, Brave, Qwant, Startpage - aggregated without tracking or profiling: SearXNG is a privacy-respecting metasearch engine (AGPL-3.0, successor to Searx). Your instance queries the upstream engines on your behalf: your IP address, cookies, and search history never reach them, tracker parameters are stripped from result URLs, and an optional image proxy fetches thumbnails server-side so result pages leak nothing. It can even route outbound queries through Tor for full anonymity. Search is organized into categories - general, images, videos, news, maps, music, IT, science, files - with bang shortcuts for targeting specific engines, and every source can be enabled, disabled, or weighted per category in settings.yml. A plugin system adds calculators, hash tools, tracker removal, and unit conversions inline, and preferences (themes, safe search, languages, engine selection) persist in cookies rather than server-side accounts. The real argument for running your own instance rather than trusting a public one is control: you decide the logging policy (none), the engine mix, rate limiting, and who gets access - making it the default search backend for browsers, families, and teams that want Google-quality results without the profile.
Matomo
Several EU data protection authorities have ruled Google Analytics deployments unlawful; Matomo (formerly Piwik) is the most complete open-source replacement - a full analytics platform with 30+ report types across visitors, actions, referrers, goals, and ecommerce. The self-hosted PHP/MySQL edition is free and keeps every byte of visitor data on your infrastructure, which matters more each year: several EU data protection authorities have ruled Google Analytics deployments unlawful, while Matomo configured for cookieless tracking is approved by France's CNIL for use without a consent banner. All reporting runs on 100% unsampled data - no extrapolation at high traffic volumes. The GDPR Manager handles data subject requests and deletion, with IP anonymization, retention controls, and Do Not Track support built in. A dedicated importer pulls your historical Google Analytics data so years of trends survive the migration. Core analytics cover campaigns, custom variables and dimensions, entry/exit pages, downloads, site search, and full ecommerce tracking with a comprehensive HTTP API for reporting and ingestion. Premium plugins extend the platform into Hotjar-class behavioral tooling - click and scroll heatmaps, session recordings, conversion funnels, form analytics, A/B testing - plus a tag manager and SAML SSO. For teams that need GA-equivalent depth with actual data ownership, Matomo is the realistic drop-in replacement.
Chatpad
Why should your chat history live on someone else's servers? Chatpad AI - a React/TypeScript front end for the OpenAI API, built on the Mantine component library - is designed around that question. Enter your own OpenAI API key and start chatting with GPT models; every conversation, prompt, and setting is stored locally in your browser via DexieJS over IndexedDB, with no tracking, no cookies, and no backend database at all. That architecture is the point - the Docker image is just Nginx serving static files, making it one of the lightest AI deployments in the catalog, and pay-per-token API pricing typically undercuts a ChatGPT Plus subscription for moderate use. The interface earns its "premium quality" tagline with the details: a persona selector that switches communication styles per conversation, a saved-prompts library for messages you reuse constantly, organized chat history, and full data export/import so conversations move between browsers or into backups as files you control. A JSON config file customizes defaults - models, API endpoints, UI options - without rebuilding the image. AGPL-licensed, with desktop builds available upstream. For teams that want ChatGPT's utility with a self-hosted, zero-telemetry footprint, Chatpad is the minimal, sane answer.
Miniflux
One statically-compiled Go binary over PostgreSQL, no ORM, no framework, static assets embedded in the executable: Miniflux is the minimalist, opinionated feed reader. The opinions are the feature: page layout, fonts, and colors are tuned for reading, and everything else is treated as noise. It consumes Atom, RSS, and JSON Feed formats with OPML import/export, organizes articles with categories and bookmarks, fetches original full-text content for summary-only feeds, and provides Postgres-powered full-text search. Privacy work happens automatically: pixel trackers are stripped, tracking parameters removed from URLs, a media proxy blocks third-party tracking, referrers are never forwarded, and there is zero telemetry. Navigation is keyboard-first - j/k through items, o to open, f to star - with touch gestures on mobile. Podcast, video, and music enclosures are supported, and YouTube videos play inline. Over 25 integrations save articles onward to Wallabag, Readwise Reader, Pinboard, Linkding, Instapaper, Notion, Telegram, Matrix, Ntfy, and more, plus webhooks and a REST API with Go and Python clients; the Google Reader API endpoint supports existing mobile reader apps. Authentication spans local passwords, passkeys (WebAuthn), Google OAuth2, OpenID Connect, and reverse-proxy headers. It is Apache 2.0 licensed, translated into 20 languages, and updates feeds on an internal scheduler.
Aptabase
Web analytics tools ignore native mobile, desktop, and game apps; Aptabase was built for exactly those. If Firebase Analytics would force a privacy-policy footnote you don't want to write, this is the alternative - session-based metrics with no cookies, no IDFA or GAID, no device fingerprinting, and a daily-rotated salt that makes cross-day re-identification mathematically impossible. That design means GDPR, CCPA, and PECR compliance out of the box and "Data Not Collected" App Store privacy labels without ATT prompts. The SDK coverage is the widest in its category: eleven first-party libraries spanning Swift, Kotlin, Flutter, React Native, Tauri, Electron, .NET MAUI, NativeScript, Unity, Unreal Engine, and JavaScript for web - each MIT-licensed, following platform conventions, and accepting a custom host parameter that points at your instance. Integration is minutes: initialize with an app key, call trackEvent with optional properties, and the dashboard shows sessions, events, app versions, OS breakdowns, and country-level geography. The self-hosted stack is a .NET server over PostgreSQL for metadata and ClickHouse for high-volume event ingestion, giving cloud-parity features under an AGPL license. For indie iOS/Android apps, Electron and Tauri tools, and Unity or Unreal games, it replaces Firebase without the Google entanglement.
Omni Tools
The ad-riddled "free online tools" sites people paste sensitive text into and upload confidential PDFs to - OmniTools replaces that whole ecosystem with one self-hosted app. It bundles 50+ utilities behind one clean React/TypeScript interface: image tools (resize, convert, crop, edit), video and audio tools (trim, reverse, convert), PDF tools (split, merge, edit), text and list utilities (case converters, formatters, shufflers), plus date/time, math, and data-format helpers for JSON, CSV, and XML. The architectural decision that makes it trustworthy is that all file processing happens entirely client-side in the browser - the server only serves static assets, and nothing you process ever leaves your device. That design has a pleasant side effect: the host needs almost no resources (people run it on a Raspberry Pi Zero), because your browser does the work while the server just delivers files. The Docker image is a remarkable 28 MB, making it one of the fastest apps to deploy and cheapest to keep running. There are no ads, no tracking, no accounts, and no upload limits. With multi-language support and an MIT license, it works equally well as a personal toolbox or a team-wide internal utility portal - one URL that replaces a bookmark folder full of questionable converters. Actively developed with 50 contributors and 9,500+ GitHub stars.